One of the most popular methods of protecting confidential data is encryption. In the general case, encryption is a reversible transformation of information intended to conceal it from unauthorized persons while still providing authorized persons with access to it. There are many different methods of data encryption.
File encryption is encryption applied only to specific files on a computer disk. It is easier and faster to employ, but it has drawbacks. For example, encrypted files can be copied and then decrypted by breaking the encryption key. Programs which use encrypted files may store the decrypted content in a cache; and although the original file is deleted from the disk after encryption, it can be restored using, e.g., programs of the “undelete” family.
Full disk encryption (FDE) is encryption of a disk in its entirety, along with its logical structure (e.g., logical partitions, master user account). In the case of FDE, data copied from the encrypted disk to another storage medium is transformed into its decrypted (original) form. However, keeping all data on an encrypted disk is a safer way of ensuring the confidentiality of the user's data in cases when the user loses the device.
There are many different FDE solutions on the market. The best known are specialized software products such as BitLocker, TrueCrypt and PGPDisk. More recently, FDE software has also become part of popular corporate antivirus products, such as Kaspersky Endpoint Security DPE.
Typically, when performing full disk encryption of a boot drive, pre-boot authentication software is installed on the hard disk. This software requires the user to enter a password; only after correct entry does the booting of the operating system (OS) proceed. Antivirus software products have their own pre-boot authentication modules. When full disk encryption is applied to a boot drive, the antivirus software changes the sequence of the boot process, inserting the pre-boot authentication module into the normal boot sequence of the computer. This module operates at the pre-boot execution stage and uses the interfaces of the basic input/output system (BIOS) or of the unified extensible firmware interface (UEFI) to work with the computer hardware. The pre-boot execution stage is the stage in which the computer firmware has been initialized but the booting of the operating system has not yet begun.
In the pre-boot execution stage, interaction with the computer hardware is possible through firmware interfaces. Firmware has its own errors, limitations and hardware compatibility problems. Therefore, the components of antivirus software operating at this stage can also have various compatibility problems. If such problems arise, the computer might not start at all: the pre-boot authentication module is required to boot the OS from the encrypted disk, yet it is not compatible with the computer hardware.
Moreover, an antivirus application, including the components that perform the full disk encryption functions, must be updated periodically. The main problem in updating is that the updated version of the pre-boot authentication module, which is delivered in the update, is not always compatible with the current (older) version of the pre-boot authentication module already installed on the disk. To avoid compatibility problems during updating, the antivirus application often performs a complete decryption of the data on the disk, updates the pre-boot authentication module, and then completely re-encrypts the user data. Such an update method may take a long time, limiting the user's ability to work on the device. Moreover, the user's data is decrypted in the process, which may have negative consequences for its confidentiality.
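The following is an added simulation of the decrypt-update-re-encrypt procedure just described; it is not code from any of the products named above. It models a boot drive as an unencrypted pre-boot region plus an encrypted data region (a SHA-256 counter-mode keystream stands in for the real disk cipher, which is an assumption of the model) and measures the two stated drawbacks: the volume of data rewritten and whether plaintext ever lands on the disk.

```python
import hashlib


def keystream(key: bytes, n: int) -> bytes:
    # Toy stand-in for a real disk cipher (e.g. AES-XTS): SHA-256 in counter mode.
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def xor_crypt(key: bytes, data: bytes) -> bytes:
    # Symmetric: the same call encrypts plaintext and decrypts ciphertext.
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


class Disk:
    """Boot drive model: unencrypted pre-boot authentication (PBA) region plus encrypted data region."""

    def __init__(self, pba: bytes, plaintext: bytes, key: bytes):
        self.key = key
        self.pba = pba
        self.data = xor_crypt(key, plaintext)
        self.bytes_written = 0
        self.plaintext_exposed = False

    def write_data(self, raw: bytes, encrypted: bool) -> None:
        self.data = raw
        self.bytes_written += len(raw)
        if not encrypted:
            self.plaintext_exposed = True  # user data sat on disk in the clear


def update_pba_full_cycle(disk: Disk, new_pba: bytes) -> Disk:
    """The update method described in the text: full decryption, module swap, full re-encryption."""
    disk.write_data(xor_crypt(disk.key, disk.data), encrypted=False)
    disk.pba = new_pba
    disk.write_data(xor_crypt(disk.key, disk.data), encrypted=True)
    return disk


def simulate(data_len: int) -> dict:
    # Constructed inputs: a fixed demo key and a predictable user-data pattern.
    key = hashlib.sha256(b"constructed-demo-key").digest()
    plaintext = bytes(i % 256 for i in range(data_len))
    disk = update_pba_full_cycle(Disk(b"PBA v1", plaintext, key), b"PBA v2")
    return {"bytes_rewritten": disk.bytes_written,
            "plaintext_on_disk": disk.plaintext_exposed,
            "data_intact": xor_crypt(key, disk.data) == plaintext,
            "pba": disk.pba}
```

For a data region of N bytes the cycle rewrites 2N bytes and the whole region is in plaintext between the two passes, even though only the small PBA region actually changed.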
Therefore, there is a need for a solution enabling the FDE software on a boot drive to be updated without decrypting and re-encrypting the data.